Avaya ERS 1600 Technical Configuration Manual

Authentication, Authorization and Accounting (AAA) for ERS and ES

Ethernet Routing Switch
1600, 8300, 8600, 2500, 4500, 5500
Ethernet Switch
460/470
Engineering
Authentication, Authorization and
Accounting (AAA) for ERS and ES
Technical Configuration Guide
E.M.E.A. IP Core Sales Engineering
Document Date: November 2010
Document Number : NN48500-558
Document Version: 1.1

Summary of Contents for Avaya ERS 1600

  • Page 1 Ethernet Routing Switch 1600, 8300, 8600, 2500, 4500, 5500 Ethernet Switch 460/470 Engineering Authentication, Authorization and Accounting (AAA) for ERS and ES Technical Configuration Guide E.M.E.A. IP Core Sales Engineering Document Date: November 2010 Document Number : NN48500-558 Document Version: 1.1...
  • Page 2 Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law.
  • Page 3 Abstract This document provides examples on configuring RADIUS & TACACS+ on the ERS 1600, 8300, 8600, 2500, 4500, 5500 and ES 460/470. It covers some of the more popular RADIUS & TACACS+ commands and attributes, and how to configure the server and client sides. It also gives various examples with different users and details the log files on the client and server sides.
  • Page 4: Table Of Contents

    Getting technical documentation (page 71); Getting product training (page 71); Getting help from a distributor or reseller (page 71); Getting technical support from the Avaya Web site (page 71)
  • Page 5 Italic text in a Courier New font indicates text the user must enter or select in a menu item, button or command: ERS5520-48T# show running-config Output examples from Avaya devices are displayed in a Lucida Console font: ERS5520-48T# show running-config ! Embedded ASCII Configuration Generator Script ! Model = Ethernet Routing Switch 5520-24T-PWR ! Software version = v5.0.0.011...
  • Page 6: Overview

    1. Overview Access control is the way you control who is allowed access to the network server and what services they are allowed to use once they have access. Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which you set up access control on your network device or access server.
  • Page 7 2.1.1 RADIUS Authentication With RADIUS authentication, a remote RADIUS client can authenticate users attempting to log in. The RADIUS server also provides access authority. RADIUS assists network security and authorization by managing a database of users. The switch can use the database to verify user names and passwords, as well as information about the type of access priority available to the user.
  • Page 8 RADIUS Packet Format – RFC 2865. Fields: Code, Identifier, Length, Response Authenticator, Attributes... RADIUS Codes: Access-Request, Access-Accept, Access-Reject, Access-Challenge, Status-Server (experimental), Status-Client (experimental), Reserved. RADIUS Attributes: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, …/… RADIUS Attributes Cont.
  • Page 9 2.1.2 RADIUS Accounting RADIUS accounting logs all of the activity of each remote user in a session on the centralized RADIUS accounting server. Session IDs for each RADIUS account are generated as 12-character strings. The first four characters in the string form a random number in hexadecimal format. The last eight characters in the string indicate, in hexadecimal format, the number of user sessions started since reboot.
  • Page 10 RADIUS Packet Format – RFC 2866. Fields: Code, Identifier, Length, Response Authenticator, Attributes ... RADIUS Codes: Accounting-Request, Accounting-Response. RADIUS Attributes: Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count. RADIUS Attribute 40: Acct-Status-Type. Length: 6. Value: The Value field is four octets.
  • Page 11: Avaya Switches Radius Support

    CLI commands. 2.1.6 RADIUS SNMP Accounting RADIUS accounting will record the duration of the SNMP version 1, 2 or 3 session and the number of packets/octets sent and received during the SNMP session. 2.2 Avaya Switches RADIUS Support RADIUS 802.1x RADIUS 802.1x...
  • Page 12: Radius Server Configuration - Using Freeradius

    2.3 RADIUS Server Configuration – Using FreeRadius The following RADIUS Server configuration is based on FreeRadius, www.freeradius.org. Once installed on a Linux host, there are several configuration files to edit, as shown below. 2.3.1 /etc/raddb/client.conf This file contains the NAS list with shared secret.
  • Page 13 The ES 460/470 and ERS 2500, 4500, 5500 switches each have two user access levels: read-only or read-write. The ERS 1600, 8300 and 8600 switches each have six different user access levels: ro, l1, l2, l3, rw and rwa.
  • Page 14: Radius Client Configuration

    The ES 460/470 Series and the ERS 2500, 4500, 5500 share the same configuration logic, whereas the ERS 1600, 8300 and 8600 use a different configuration logic. The network with RADIUS client and server can be simplified and summarized in the following diagram.
  • Page 15 2.4.1 ES 460/470 Series and ERS 2500, 4500, 5500 ACLI or JDM (Java Device Manager) can be used to configure the switch. For simplicity and readability, we will document command line interface commands assuming the RADIUS server IP address is 10.10.50.40, and the client shared secret is "Dda"...
  • Page 16 2.4.2 ERS 1600, 8300 and 8600 ACLI or JDM (Java Device Manager) can be used to configure the switch. For simplicity and readability, we will document command line interface commands. To configure RADIUS: 8600A:6# config radius server create 10.10.50.40 secret Dda 8600A:6# config radius server create 10.10.50.40 secret Dda usedby eapol...
  • Page 17: Radius Server & Client Log Files

    : N/A set : N/A With the ERS 1600, 8300, and 8600, you can change the RADIUS source IP address by using the following command: 8000A:6# config radius server create <ipaddr> secret <value> [usedby <value>] [port <value>] [priority <value>] [retry <value>] [timeout <value>] [enable <value>] [acct-port <value>] [acct-enable <value>]...
  • Page 18 Telnet to Switch with read-only user (bsro) type some commands 4548GT-PWR# show clock Current SNTP time 2008-02-21 15:52:36 GMT+01:00 Daylight saving time is DISABLED Time zone is set to 'METD', offset from UTC is 01:00 4548GT-PWR# conf t % Invalid input detected at '^' marker.
  • Page 19 Please note that the log file only displays the user access level (read-only). The log file does not contain any session statistics. 2.5.2 ES 460/470 Series and ERS 2500, 4500, 5500 – Read-Write User Connect to the device with telnet using read-only user (bsrw).
  • Page 20 Please note that the log file only displays the user access level (read-only). The log file does not contain any session statistics. 2.5.3 ERS 2500, 4500, 5500 – 802.1x (EAP) User For this example, we will connect an 802.1x (EAP) supplicant to the switch, authenticate the EAP supplicant, generate some traffic, and then disconnect.
  • Page 21 Log file on RADIUS server - /var/log/radius/radacct/10.10.44.5/detail-20080221 Thu Feb 21 17:17:23 2008 NAS-IP-Address = 10.10.44.5 NAS-Port-Type = Ethernet NAS-Port = 1 User-Name = "eap" Acct-Session-Id = "85000001" Acct-Status-Type = Start Client-IP-Address = 10.10.44.5 Acct-Unique-Session-Id = "3e7408b4904a799d" Timestamp = 1203610643 Thu Feb 21 17:18:08 2008 NAS-IP-Address = 10.10.44.5...
  • Page 22 2.5.4 ERS 1600, 8300 and 8600 – Read-Only User For this example, we will connect to the switch using telnet via a read-only (ro) user. Telnet to Switch with read-only user (ro) type some commands 8600A:6> show date local time:...
  • Page 23 Thu Feb 21 18:09:29 2008 Acct-Status-Type = Stop Acct-Session-Id = "1ef400000012" User-Name = "ro" NAS-IP-Address = 10.10.50.1 Acct-Session-Time = 81 Acct-Input-Octets = 0 Acct-Output-Octets = 1871 Acct-Input-Packets = 0 Acct-Output-Packets = 94 Cli-Commands = "show date" Cli-Commands = "config ?"...
  • Page 24 CPU6 [02/21/08 18:09:30] SW INFO Closed telnet connection from 10.10.50.10, user ro rcmd -2 2.5.5 ERS 1600, 8300 and 8600 – Read-Write User For this example, we will connect to the switch using telnet via a read-write (rwa) user. Telnet to Switch with read-write user (rwa) type some commands...
  • Page 25 Please note that the Client-IP-Address is equal to the NAS-IP-Address, which is not correct. The Client-IP-Address is the station where telnet has been issued, which is 10.10.50.10. The reason is that the switch does not provide a Client-IP-Address field (see sniffer trace). The application artificially copies the field.
  • Page 26 2.5.6 ERS 1600, 8300, 8600 – 802.1x (EAP) User For this example, we will connect an 802.1x (EAP) Supplicant to the switch, authenticate, generate some traffic, and then disconnect. Log file on RADIUS server - /var/log/radius/radius.log Thu Feb 21 18:43:58 2008 : Auth: Login OK: [eap] (from client 8600 port 237 cli 00-12-3F-1A-1B-68) Log file on RADIUS server - /var/log/radius/radacct/10.10.50.1/auth-detail-20080221...
  • Page 27 Acct-Session-Id = "e3000000" NAS-Port = 237 User-Name = "eap" Acct-Status-Type = Stop Acct-Input-Octets = 9288 Acct-Output-Octets = 5800 Acct-Session-Time = 62 Acct-Terminate-Cause = Lost-Carrier Client-IP-Address = 10.10.50.1 Acct-Unique-Session-Id = "6f5b9475a3d11c7b" Timestamp = 1203615901 802.1x (EAP) user has accounting start & stop records in accounting log file...
  • Page 28 To configure a read-write (rw) user with the commands “config ip” & “test” denied, edit the /etc/raddb/users file on the RADIUS server. Auth-Type == Local,User-Password == "rw" Access-Priority = rw, Command-Access = "False", Commands = "config ip", Commands += "test" You must enable the user access profile (cli-profile) parameter on the RADIUS client.
  • Page 29 Log file on RADIUS client 8600A:6# CPU6 [03/03/08 15:28:13] SW INFO user rw connected from 10.10.50.10 via telnet CPU6 [03/03/08 15:29:17] SW INFO Closed telnet connection from 10.10.50.10, user rw rcmd -2 Please note that accounting records for rw user will be similar to the ones for ro and rwa users already documented in chapter 2.5.4 and 2.5.5.
  • Page 30 : 180 Accounting is done per SNMP session, recording the duration of that particular session and the number of packets/octets received. Accounting is done for every session. The user for any SNMP session has to be added as "snmp_user". At the beginning of any session, a start accounting message is sent to the RADIUS server.
  • Page 31 Log file on RADIUS server - /var/log/radius/radacct/10.10.50.1/detail-20080304 Tue Mar 4 16:07:53 2008 Acct-Status-Type = Start NAS-IP-Address = 10.10.50.1 Acct-Session-Id = "351500000008" Client-IP-Address = 10.10.50.1 Acct-Unique-Session-Id = "970c6f05416f1f19" Timestamp = 1204643273 Tue Mar 4 16:07:53 2008 Acct-Status-Type = Start NAS-IP-Address = 10.10.50.1 Acct-Session-Id = "752100000009"...
  • Page 32: Sniffer Traces On Radius Server

    Please note that accounting records for SNMP session will be similar to the ones for ro and rwa users already documented in chapter 2.5.4 and 2.5.5. 2.6 Sniffer Traces on RADIUS Server 2.6.1 RADIUS Authentication Read-Only User Frame 1 (98 bytes on wire, 98 bytes captured)
  • Page 33 AVP: l=18 t=User-Password(2): Encrypted AVP: l=6 t=Service-Type(6): Administrative-User(6) AVP: l=6 t=User-Name(1): bsrw Frame 4 (68 bytes on wire, 68 bytes captured) Ethernet II, Src: DellComp_38:57:5b (00:06:5b:38:57:5b), Dst: NortelNe_0f:8e:04 (00:04:38:0f:8e:04) Internet Protocol, Src: 10.10.50.40 (10.10.50.40), Dst: 10.10.44.5 (10.10.44.5) User Datagram Protocol, Src Port: radius (1812), Dst Port: 1025 (1025)
  • Page 34 AVP: l=38 t=State(24): B8D43E1BDB1A306B129DE028F01996DA98FDBE478A1AFC61... Frame 7 (199 bytes on wire, 199 bytes captured) Ethernet II, Src: NortelNe_0f:8e:04 (00:04:38:0f:8e:04), Dst: DellComp_38:57:5b (00:06:5b:38:57:5b) Internet Protocol, Src: 10.10.44.5 (10.10.44.5), Dst: 10.10.50.40 (10.10.50.40) User Datagram Protocol, Src Port: 1025 (1025), Dst Port: radius (1812)
  • Page 35 AVP: l=6 t=NAS-Port(5): 1 AVP: l=5 t=User-Name(1): eap AVP: l=10 t=Acct-Session-Id(44): 85000002 AVP: l=6 t=Acct-Status-Type(40): Start(1) Frame 10 (62 bytes on wire, 62 bytes captured) Ethernet II, Src: DellComp_38:57:5b (00:06:5b:38:57:5b), Dst: NortelNe_0f:8e:04 (00:04:38:0f:8e:04) Internet Protocol, Src: 10.10.50.40 (10.10.50.40), Dst: 10.10.44.5 (10.10.44.5)
  • Page 36 2.6.4 RADIUS Authentication & Accounting rwa User Frame 13 (97 bytes on wire, 97 bytes captured) Ethernet II, Src: NortelNe_0f:8e:04 (00:04:38:0f:8e:04), Dst: DellComp_38:57:5b (00:06:5b:38:57:5b) Internet Protocol, Src: 10.10.50.1 (10.10.50.1), Dst: 10.10.50.40 (10.10.50.40) User Datagram Protocol, Src Port: 1366 (1366), Dst Port: radius (1812)
  • Page 37 (00:04:38:0f:8e:04) Internet Protocol, Src: 10.10.50.40 (10.10.50.40), Dst: 10.10.50.1 (10.10.50.1) User Datagram Protocol, Src Port: radacct (1813), Dst Port: 32000 (32000) Radius Protocol Code: Accounting-Response (5) Packet identifier: 0xf3 (243) Length: 20 Authenticator: 862C60235782477D44532C49CB4BD972 [This is a response to a request in frame 15] [Time from request: 0.000637000 seconds]...
  • Page 38 2.6.5 RADIUS User Access Profile Frame 1 (96 bytes on wire, 96 bytes captured) Ethernet II, Src: NortelNe_0f:8e:04 (00:04:38:0f:8e:04), Dst: DellComp_38:57:5b (00:06:5b:38:57:5b) Internet Protocol, Src: 10.10.50.1 (10.10.50.1), Dst: 10.10.50.40 (10.10.50.40) User Datagram Protocol, Src Port: 1450 (1450), Dst Port: radius (1812)
  • Page 39: Tacacs

    3. TACACS+ Ethernet Routing Switch 5500, 1600 and 8300 Series all support the Terminal Access Controller Access Control System plus (TACACS+) client. TACACS+ is a security application implemented as a client/server-based protocol that provides centralized validation of users attempting to gain access to a router or network access server.
  • Page 40: Feature Operation

    3.2 Feature Operation During the log on process, the TACACS+ client initiates the TACACS+ authentication session with the server. After successful authentication, if TACACS+ authorization is enabled, the TACACS+ client initiates the TACACS+ authorization session with the server. After successful authentication, if TACACS+ accounting is enabled, the TACACS+ client sends accounting information to the TACACS+ server.
  • Page 41 You cannot enable both RADIUS and TACACS+ authentication on the same interface. However, you can enable RADIUS and TACACS+ on different interfaces; for example, RADIUS on the serial connection and TACACS+ on the Telnet connection. Prompts for log on and password occur prior during the authentication process. If TACACS+ fails because there are no valid servers, then the username and password ...
  • Page 42 3.2.3 TACACS+ Accounting TACACS+ accounting enables you to track: the services accessed by users; the amount of network resources consumed by users. When accounting is enabled, the NAS reports user activity to the TACACS+ server in the form of accounting records.
  • Page 43: Avaya Switches Tacacs+ Support

    To support runtime switching of users to a particular privilege level, you must preconfigure a dummy user for that level on the daemon. The format of the user name for the dummy user is $enab<n>$, where <n> is the privilege level to which you want to allow access. 3.3 Avaya Switches TACACS+ Support TACACS+ TACACS+...
  • Page 44 The following table shows the scheme used to map the access levels to TACACS+ privilege levels. Access Level ERS 1600,8300 ERS 5500 none
  • Page 45: Tacacs+ Server Configuration - Using Tac_Plus

    3.4 TACACS+ Server Configuration – Using tac_plus The following TACACS+ Server configuration is based on tac_plus, www.networkforums.net. Once installed on a Linux host, there is a unique configuration file to edit as shown below. 3.4.1 /etc/tacacs/tac_plus.cfg This file contains all configuration parameters for TACACS+.
  • Page 46 = exit { permit .* } cmd = logout { permit .* } service = exec { priv-lvl = 1 group = level6 { cmd = enable { permit .* } cmd = configure { permit terminal } cmd = show { permit .* }...
  • Page 47: Tacacs+ Client Configuration

    The ERS 5500 (and 2500, 4500 in the future) uses a specific logic for configuration, whereas the ERS 1600, 8300 (and 8600 in the future) use a different logic for configuration. The network with TACACS+ client and server can be simplified and summarized as shown below:...
  • Page 48 You get the following message at console: no response from TACACS+ servers 3.5.2 ERS 1600, 8300 ACLI or JDM (Java Device Manager) can be used to configure the switch, for simplicity and readability, we will document command line interface commands:...
  • Page 49: Tacacs+ Server & Client Log Files

    : N/A set : N/A With the ERS 1600 and 8300, you can change the TACACS+ source IP address by using the following command. Config tacacs server create <ipaddr> <value> [port <value>] [priority <value>] [timeout <value>] [single-connection <value>]...
  • Page 50 Telnet to Switch with read-only user (ro) type some commands 5510<level-1>> en 5510<level-1># show clock Current SNTP time 2008-02-26 14:33:17 GMT+01:00 Daylight saving time is DISABLED Time Zone is set to 'METD', offset from UTC is 01:00 5510<level-1># conf t %Your command was not authorized 5510<level-1># exit...
  • Page 51 Tue Feb 26 14:30:10 2008 [16405]: do_author: user 'ro' found Tue Feb 26 14:30:10 2008 [16405]: exec authorization request for ro Tue Feb 26 14:30:10 2008 [16405]: exec is explicitly permitted by line 97 Tue Feb 26 14:30:10 2008 [16405]: author_svc: nas:service=shell (passed thru)
  • Page 52 Log file on TACACS+ client 2008-02-26 14:30:05 GMT+01:00 139 #1 Successful connection from IP address: 10.10.50.10 2008-02-26 14:30:34 GMT+01:00 140 #1 Session closed (user logout), IP address: 10.10.50.10, access mode: no security 2008-02-26 14:30:35 GMT+01:00 141 #1 Connection closed (user logout), IP address: 10.10.50.10...
  • Page 53 Log file on TACACS server - /var/log/tac_plus.log Depends on debug value configured /etc/rc5.d/S99tac_plus Tue Feb 26 14:35:12 2008 [16434]: verify: login access for user 'bsrw' to port Telnet Session 1 on 10.10.55.6 from 10.10.50.10 Tue Feb 26 14:35:12 2008 [16434]: cfg_check_host_group_access: checking login access to host '10.10.55.6' for user 'bsrw'...
  • Page 54 Tue Feb 26 14:35:21 2008 [16438]: authorization query for 'bsrw' unknown from 10.10.55.6 accepted Tue Feb 26 14:35:24 2008 [16439]: Start authorization request Tue Feb 26 14:35:24 2008 [16439]: do_author: user 'bsrw' found Tue Feb 26 14:35:24 2008 [16439]: authorize_cmd: configure terminal...
  • Page 55 Log file on TACACS server - /var/log/tac_acc.log NO ENTRY. Please note that the ERS 1600 and 8300 do not support TACACS+ accounting. Log file on TACACS server - /var/log/tac_plus.log Depends on debug value configured /etc/rc5.d/S99tac_plus Tue Feb 26 16:49:21 2008 [16476]: verify: login access for user 'ro' to port on 10.10.50.5 from 10.10.50.5...
  • Page 56 Tue Feb 26 16:49:21 2008 [16476]: verify: login cleartext authentication successful Tue Feb 26 16:49:21 2008 [16476]: default_fn: login query for 'ro' unknown- port from 10.10.50.5 accepted Tue Feb 26 16:49:21 2008 [16477]: Start authorization request Tue Feb 26 16:49:21 2008 [16477]: do_author: user 'ro' found...
  • Page 57 Log file on TACACS server - /var/log/tac_acc.log NO ENTRY. Please note that the ERS 1600 and 8300 do not support TACACS+ accounting. Log file on TACACS server - /var/log/tac_plus.log Depends on debug value configured /etc/rc5.d/S99tac_plus Tue Feb 26 17:27:24 2008 [16484]: verify: login access for user 'rwa' to port on 10.10.50.5 from 10.10.50.5...
  • Page 58 Tue Feb 26 17:27:24 2008 [16484]: verify: Using auth_method cleartext(11) with data rwa Tue Feb 26 17:27:24 2008 [16484]: Password has not expired <no expiry date set> Tue Feb 26 17:27:24 2008 [16484]: verify: login cleartext authentication successful Tue Feb 26 17:27:24 2008 [16484]: default_fn: login query for 'rwa' unknown- port from 10.10.50.5 accepted...
  • Page 59: Sniffer Traces On Tacacs+ Server

    3.7 Sniffer Traces on TACACS+ Server 3.7.1 TACACS Read-Only User The following trace displays the TACACS+ TCP flows, including SYN/SYN ACK/ACK (summary line, not detailed). It includes authentication, authorization and accounting. Note that TACACS messages are encrypted and only part of the message can be decoded.
  • Page 60 Transmission Control Protocol, Src Port: 49 (49), Dst Port: 1190 (1190), Seq: 1, Ack: 50, Len: 28 TACACS+ Major version: TACACS+ Minor version: 0 Type: Authentication (1) Sequence number: 2 Flags: 0x00 (Encrypted payload, Multiple Connections) ..0 = Unencrypted: Not set ..
  • Page 61 Session ID: 1919266898 Packet length: 24 Encrypted Reply Time Source Destination Protocol Info 10 0.004352 10.10.50.40 10.10.55.6 49 > 1190 [FIN, ACK] Seq=65 Ack=75 Win=5792 Len=0 TSV=3143898087 TSER=3264254 Time Source Destination Protocol Info 11 0.005546 10.10.55.6 10.10.50.40 1190 > 49...
  • Page 62 Time Source Destination Protocol Info 18 0.009609 10.10.50.40 10.10.55.6 49 > 1191 [ACK] Seq=1 Ack=73 Win=5792 Len=0 TSV=3143898088 TSER=3264254 Time Source Destination Protocol Info 19 0.010068 10.10.50.40 10.10.55.6 TACACS+ R: Accounting Frame 19 (83 bytes on wire, 83 bytes captured)
  • Page 63 [FIN, ACK] Seq=73 Ack=19 Win=8192 Len=0 TSV=3264254 TSER=3143898088 Time Source Destination Protocol Info 27 0.014117 10.10.55.6 10.10.50.40 1192 > 49 [ACK] Seq=1 Ack=1 Win=8192 Len=0 TSV=3264254 TSER=3143898088 Time Source Destination Protocol Info 28 0.015704 10.10.55.6 10.10.50.40 TACACS+ Authorization Frame 28 (134 bytes on wire, 134 bytes captured)
  • Page 64 [FIN, ACK] Seq=30 Ack=69 Win=5792 Len=0 TSV=3143898089 TSER=3264254 Time Source Destination Protocol Info 32 0.017715 10.10.55.6 10.10.50.40 1192 > 49 [ACK] Seq=69 Ack=30 Win=8192 Len=0 TSV=3264254 TSER=3143898089 Time Source Destination Protocol Info 33 0.018113 10.10.55.6 10.10.50.40 1192 > 49...
  • Page 65 Encrypted Request Time Source Destination Protocol Info 40 3.112343 10.10.50.40 10.10.55.6 49 > 1193 [ACK] Seq=1 Ack=75 Win=5792 Len=0 TSV=3143898398 TSER=3264260 Time Source Destination Protocol Info 41 3.112919 10.10.50.40 10.10.55.6 TACACS+ Authorization Frame 41 (84 bytes on wire, 84 bytes captured)
  • Page 66 Time Source Destination Protocol Info 48 11.515316 10.10.50.40 10.10.55.6 49 > 1194 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=3143899239 TSER=3264277 WS=0 Time Source Destination Protocol Info 49 11.516803 10.10.55.6 10.10.50.40 1194 > 49 [ACK] Seq=1 Ack=1 Win=8192 Len=0 TSV=3264277 TSER=3143899239...
  • Page 67 Time Source Destination Protocol Info 53 11.519153 10.10.50.40 10.10.55.6 49 > 1194 [FIN, ACK] Seq=19 Ack=87 Win=5792 Len=0 TSV=3143899239 TSER=3264277 Time Source Destination Protocol Info 54 11.520184 10.10.55.6 10.10.50.40 1194 > 49 [ACK] Seq=87 Ack=19 Win=8192 Len=0 TSV=3264277 TSER=3143899239...
  • Page 68 Packet length: 82 Encrypted Request Time Source Destination Protocol Info 62 14.999874 10.10.50.40 10.10.55.6 49 > 1195 [ACK] Seq=1 Ack=95 Win=5792 Len=0 TSV=3143899587 TSER=3264284 Time Source Destination Protocol Info 63 15.000384 10.10.50.40 10.10.55.6 TACACS+ Authorization Frame 63 (84 bytes on wire, 84 bytes captured)
  • Page 69 Time Source Destination Protocol Info 70 15.003476 10.10.55.6 10.10.50.40 1195 > 49 [FIN, ACK] Seq=95 Ack=20 Win=8192 Len=0 TSV=3264284 TSER=3143899587 Time Source Destination Protocol Info 71 15.004420 10.10.55.6 10.10.50.40 1196 > 49 [ACK] Seq=1 Ack=1 Win=8192 Len=0 TSV=3264284 TSER=3143899587...
  • Page 70 75 15.006618 10.10.50.40 10.10.55.6 49 > 1196 [FIN, ACK] Seq=18 Ack=106 Win=5792 Len=0 TSV=3143899588 TSER=3264284 Time Source Destination Protocol Info 76 15.007715 10.10.55.6 10.10.50.40 1196 > 49 [ACK] Seq=106 Ack=18 Win=8192 Len=0 TSV=3264284 TSER=3143899588 Time Source Destination Protocol Info 77 15.008090...
  • Page 71: Customer Service

    4. Customer service Visit the Avaya Web site to access the complete range of services and support that Avaya provides. Go to www.avaya.com or go to one of the pages listed in the following sections. Getting technical documentation To download and print selected technical publications and release notes directly from the Internet, go to www.avaya.com/support.
